Feeds

Terror phone clone scam exposed

Rogers bill probe unveils abuse

Internet Security Threat Report 2014

Affiliates of terrorist organization Hezbollah cloned the mobiles of senior executives of Canadian operator Rogers Communications, including chief exec Ted Rogers. Even though the firm had technology in place to trigger alerts over suspicious departures in call activity, Rogers staffers were too frightened of inconveniencing bosses to do anything about the fraud, Canadian paper the Globe and Mail reports.

The scam only came to light after law professor Susan Drummond challenged a mobile phone of C$12,000 she received after her return from a month-long trip to Israel. The monster mobile bill listed more than 300 calls made in August to foreign countries including Libya, Pakistan, Russia and Syria. Drummond was told she'd have to foot the bill despite her protests than she'd never previously made overseas calls using the account. Her normal bill was around C$75.

Rogers' continued insistence that the bill nevertheless had to be paid prompted Drummond and her partner, Harry Gefen, to begin investigating. That probe hit pay dirt when Gefen tape recorded an interview with a Rogers security manager, Cindy Hopper, who was speaking at a conference on telecoms fraud in Toronto in September. Unaware that Gefen was an aggrieved punter, Hopper told him that terrorists groups linked to had Hezbollah repeatedly cloned the mobile phones of senior Rogers execs in 1997 and 1998. Senior Rogers' execs were perfect targets for fraud since staffers could not be sure if calls were legitimate or not. Fear of inconveniencing their superiors over something that turned out to be a false alarm prevented workers from taking any action.

"They were cloning the senior executives repeatedly, because everyone was afraid to cut off Ted Rogers' phone," Hopper told Gefen, in an interview that recognised the cleverness of the social engineering trick. "They were using actually a pretty brilliant psychology. Nobody wants to cut off Ted Rogers' phone or any people that are directly under Ted Rogers, so they took their scanners to our building... Nobody wants to shut off Ted. Even if he is calling Iran, Syria, Lebanon, and Kuwait."

During the interview, Hopper confirmed that Rogers had a system in place similar to those used by banks to flag up suspicious card transactions that was capable of spotting fraud-in-progress. The information obtained by her partner enabled Drummond to file a small court claim against Rogers Wireless alleging that it "profiting from crime" by failing to shut down stolen mobile phones.

Initially Rogers resisted this action arguing that Drummond was responsible for calls made on the account prior to reporting that her phone was been misused. However after the story broke over the weekend, Rogers CEO Ted Rogers intervened and offered to write off the debt along with paying Gefen and Drummond's out-of-pocket expenses. Drummond also extracted from the chief exec to a promise to attend their house and hear their concerns over a cup of tea.

"I'm glad that we got somewhere with this fight, but it shouldn't take a law professor and a technology journalist to make them behave like decent corporate citizens," Drummond told the Globe and Mail. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.